File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Conference Paper: Identifying volatile data from multiple memory dumps in live forensics

TitleIdentifying volatile data from multiple memory dumps in live forensics
Authors
KeywordsLive Forensics
Memory Analysis
Volatile Data
Issue Date2010
Citation
Ifip Advances In Information And Communication Technology, 2010, v. 337 AICT, p. 185-194 How to Cite?
AbstractOne of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages. © 2010 International Federation for Information Processing.
Persistent Identifierhttp://hdl.handle.net/10722/151988
ISSN
2023 SCImago Journal Rankings: 0.242
References

 

DC FieldValueLanguage
dc.contributor.authorLaw, Fen_US
dc.contributor.authorChan, Pen_US
dc.contributor.authorYiu, SMen_US
dc.contributor.authorTang, Ben_US
dc.contributor.authorLai, Pen_US
dc.contributor.authorChow, KPen_US
dc.contributor.authorIeong, Ren_US
dc.contributor.authorKwan, Men_US
dc.contributor.authorHon, WKen_US
dc.contributor.authorHui, Len_US
dc.date.accessioned2012-06-26T06:32:10Z-
dc.date.available2012-06-26T06:32:10Z-
dc.date.issued2010en_US
dc.identifier.citationIfip Advances In Information And Communication Technology, 2010, v. 337 AICT, p. 185-194en_US
dc.identifier.issn1868-4238en_US
dc.identifier.urihttp://hdl.handle.net/10722/151988-
dc.description.abstractOne of the core components of live forensics is to collect and analyze volatile memory data. Since the dynamic analysis of memory is not possible, most live forensic approaches focus on analyzing a single snapshot of a memory dump. Analyzing a single memory dump raises questions about evidence reliability; consequently, a natural extension is to study data from multiple memory dumps. Also important is the need to differentiate static data from dynamic data in the memory dumps; this enables investigators to link evidence based on memory structures and to determine if the evidence is found in a consistent area or a dynamic memory buffer, providing greater confidence in the reliability of the evidence. This paper proposes an indexing data structure for analyzing pages from multiple memory dumps in order to identify static and dynamic pages. © 2010 International Federation for Information Processing.en_US
dc.languageengen_US
dc.relation.ispartofIFIP Advances in Information and Communication Technologyen_US
dc.subjectLive Forensicsen_US
dc.subjectMemory Analysisen_US
dc.subjectVolatile Dataen_US
dc.titleIdentifying volatile data from multiple memory dumps in live forensicsen_US
dc.typeConference_Paperen_US
dc.identifier.emailYiu, SM:smyiu@cs.hku.hken_US
dc.identifier.emailChow, KP:chow@cs.hku.hken_US
dc.identifier.emailHui, L:hui@cs.hku.hken_US
dc.identifier.authorityYiu, SM=rp00207en_US
dc.identifier.authorityChow, KP=rp00111en_US
dc.identifier.authorityHui, L=rp00120en_US
dc.description.naturelink_to_subscribed_fulltexten_US
dc.identifier.doi10.1007/978-3-642-15506-2_13en_US
dc.identifier.scopuseid_2-s2.0-78651108753en_US
dc.relation.referenceshttp://www.scopus.com/mlt/select.url?eid=2-s2.0-78651108753&selection=ref&src=s&origin=recordpageen_US
dc.identifier.volume337 AICTen_US
dc.identifier.spage185en_US
dc.identifier.epage194en_US
dc.identifier.scopusauthoridLaw, F=19640490000en_US
dc.identifier.scopusauthoridChan, P=52563246100en_US
dc.identifier.scopusauthoridYiu, SM=7003282240en_US
dc.identifier.scopusauthoridTang, B=36844721900en_US
dc.identifier.scopusauthoridLai, P=19640260600en_US
dc.identifier.scopusauthoridChow, KP=7202180751en_US
dc.identifier.scopusauthoridIeong, R=22734240200en_US
dc.identifier.scopusauthoridKwan, M=19640239200en_US
dc.identifier.scopusauthoridHon, WK=7004282818en_US
dc.identifier.scopusauthoridHui, L=8905728300en_US
dc.identifier.issnl1868-4238-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats